CVE-2021-40526
4.8 MEDIUMIncorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Deni...
Published: 2021-10-25 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 4.8 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
- CWE
- CWE-131
Affected products
| Vendor | Product |
|---|---|
| onepeloton | ttr01_firmware |
Description
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-40527 — Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1... (8.6 HIGH)
Same CWE
- CVE-2026-46521 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-11604 — An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authe...
- CVE-2026-49841 — FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implem... (9.8 CRITICAL)
- CVE-2026-42915 — Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network (5.7 MEDIUM)
- CVE-2026-27820 — zlib is a Ruby interface for the zlib compression/decompression library (9.8 CRITICAL)